Description
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
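As an added example (not code from this advisory or from the PHP project), the PHP guard below checks a version string against the fixed releases named above and rejects packets that nest an element inside a leaf element, the shape the description cites. The function names and sample packets are assumptions made for illustration, and the structural check covers only that demonstrated shape, so it complements running a fixed release rather than replacing it.

```php
<?php
// Added example; function names are hypothetical, not part of PHP.

// True when $version is in the ranges named in the description:
// before 5.6.25, or 7.x before 7.0.10.
function wddx_cve_affected($version)
{
    if (version_compare($version, '7.0.0', '>=')) {
        return version_compare($version, '7.0.10', '<');
    }
    return version_compare($version, '5.6.25', '<');
}

// Structural pre-check: leaf elements must not contain child elements.
// In the WDDX DTD, boolean and null are empty; number and dateTime hold text only.
function wddx_packet_shape_ok($xml)
{
    if ($xml === '' || stripos($xml, '<!DOCTYPE') !== false) {
        return false; // WDDX packets need no DTD; refuse entity definitions
    }
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok || $doc->documentElement->nodeName !== 'wddxPacket') {
        return false;
    }
    foreach (array('boolean', 'null', 'number', 'dateTime') as $name) {
        foreach ($doc->getElementsByTagName($name) as $leaf) {
            foreach ($leaf->childNodes as $child) {
                if ($child->nodeType === XML_ELEMENT_NODE) {
                    return false;
                }
            }
        }
    }
    return true;
}

// Constructed sample packets (not taken from the advisory).
$valid = "<wddxPacket version='1.0'><header/><data><boolean value='true'/></data></wddxPacket>";
$stray = "<wddxPacket version='1.0'><header/><data><boolean value='true'><string>x</string></boolean></data></wddxPacket>";

foreach (array('valid' => $valid, 'stray' => $stray) as $label => $packet) {
    printf("%s: %s\n", $label, wddx_packet_shape_ok($packet) ? 'pass to wddx_deserialize' : 'reject');
}
printf("PHP %s in affected range: %s\n", PHP_VERSION, wddx_cve_affected(PHP_VERSION) ? 'yes' : 'no');
```

Distribution packages may backport the fix without changing the upstream version number, so treat the version check as a first-pass signal.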
Remediation
References
Related Vulnerabilities
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.6)
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2190)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4220)
Squid Improper Input Validation Vulnerability (CVE-2021-33620)